Architecture
At a high level, Konfig is comprised of two layers: the Platform Layer and the Workload Layer. The Platform Layer establishes an opinionated and enterprise-grade foundation spanning source control, CI/CD, and cloud provider. On top of this foundation sits the Workload Layer, which manages Workloads and Resources. The Workload Layer provides an opinionated Infrastructure as Code (IaC) solution. Both of these layers comprise the Control Plane, which orchestrates everything in Konfig.
Platform Layer
The Platform Layer is responsible for establishing an enterprise-grade platform spanning source control, CI/CD, and cloud provider. You can think of it as an opinionated assembly of these things which provides a robust and secure Internal Developer Platform (IDP). This includes things like establishing project structures in the cloud environment and source control system, creating IAM resources for allowing CI/CD pipelines to authenticate with the cloud environment, managing access control and governance, and configuring foundational infrastructure like VPCs. In essence, it manages Platforms, Domains, and Environments which provide the necessary foundation for the Workload Layer.
An Internal Developer Platform, or IDP, is a self-service environment that provides developers with the tools and resources needed to build and deploy applications efficiently. It automates routine tasks, streamlines workflows, and ensures consistency, ultimately accelerating development and improving software quality. IDPs also provide guardrails and standards to ensure applications are built in a way that is secure, repeatable, and meets organizational policies and controls.
Workload Layer
The Workload Layer is responsible for managing Workloads and their associated Resources. This includes provisioning infrastructure, managing IAM, and ensuring Resources are in a running state and that configuration is correct. In this sense, the Workload Layer is an IaC solution with some opinionation. In particular, Konfig builds upon and extends GCP's Config Connector, which is an operator that allows you to manage your Google Cloud infrastructure the same way you manage Kubernetes applications. While the Workload Layer is opinionated, this model allows you to step outside of Konfig's opinions when needed.
Together, the Platform Layer and Workload Layer provide a complete, end-to-end application delivery platform. However, it is possible to use an alternative IaC solution in place of the Workload Layer, such as Terraform. In this case, the Platform Layer would effectively create and manage the underlying platform that Terraform would deploy resources into. It would also provide credentials to allow Terraform to securely authenticate. However, with this model, the developer would be responsible for implementing their infrastructure and IAM using Terraform and wiring everything together. You would lose the benefits of the Workload Layer, such as Resource Templates and automatic IAM, as well as many of the benefits of the Konfig UI. You would, however, still gain the governance provided by Platforms and Domains.
While Konfig provides some built-in opinionations to improve efficiency, the Workload Layer is designed to be flexible and customizable. This allows an organization to use Konfig as is or tailor it to their needs. This is possible because Konfig provides certain primitives that an organization can use to build their own custom platform.